How to Build an NBI with OS X 10.11 El Capitan

Updated video posted here:


OS X El Capitan introduced several changes to the System Image Utility when creating a NetInstall Image.  This white paper will walk through the required steps to successfully build a NBI file LANDESK can use to provision a Mac with LANDESK Management Suite.

Watch the how-to video here.


Beginning in LANDESK Management Suite 9.6, LANDESK changed the process to build NBI files.  We now leverage Apple’s System Image Utility to create bootable NBI file.  LANDESK has created a stamper utility that will subsequently inject the needed LANDESK information, while at the same time, reducing the NBI file down in size.  One of the major benefits of this process, is the NBI you have to push over the wire will be in the 500-600 MB size range as opposed to 6 GB+.

NBI Overflow copy.png

Prepare the OS X El Capitan Machine

  1. The first thing needed is the OS X El Capitan Installer. Download it and place it into the Applications Folder.
  2. The LANDESK Mac agent also needs to be installed on the device. Make sure you use an agent that is 9.6 SP2 or later.  For more information on how to deploy an agent, see
  3. Download the LANDESK Startup Disk Stamper Utility from
  4. An administrative account on the box

Build the NetInstall Image with Apple’s System Image Utility

  1. Launch System Image Utility from the Mac. Use the Spotlight Search to find it as it’s buried in an Applications folder under System > Library > CoreServices
  2. From the source dropdown picker, select Install OS X El Capitan and click Next. If you don’t see Install OS X El Capitan from the options menu, quit the System Image Utility, download the installer and put it into the Applications folder and then re-launch.Choose a Source
  3. Select the option NetInstall Image and click Next
  4. Agree to the License Agreement if prompted
  5. At this time, we don’t need to add any configuration options, as all of that will be built inside the provisioning process within the LANDESK Console. For the next 4 screens, just click Next with no items added or changed from the defaults.  Stop when you get to the Image Settings screen.
  6. Provide a Network Disk name to your liking. You’ll be asked to create a second name for the NBI file LANDESK’s stamps, so for me, I always put Apple in the name so I can be sure to differentiate the two.  Also, each image file needs to have a unique image index.  Feel free to choose whichever option best suits your environment.  I personally assign my indices so I can ensure a unique value.  Also, just by way of note, you’ll need to assign another unique ID when you use the LANDESK stamper.
  7. Select the computer models you want your NBI to support and click Next.FilterClient
  8. Pay special attention to the Filter Clients by MAC Address window. This pane essentially creates a whitelist or blacklist of client devices allowed to boot from your NBI file.  If you’re more security conscious, leave the radio button set to Allow and provide an import of all of the MAC addresses you care about.  Just know as you receive new machines, this will have to rebuild your NBI.  If you’re less concerned about unknown machines NetBooting from your NBI file, change the radio button to Deny and click Next.
  9. Finally, provide the path to where the Apple NBI file will be created and click the Save button. For ease of use when using the LANDESK stamper, I select the desktop.
  10. Enter your admin credentials on the box and wait for the NBI to be generated.

IMPORTANT NOTE: In OS X 10.11 El Capitan, Apple has introduced their new System Integrity Protection feature which affects how you are able to NetBoot devices. If you have need to NetBoot across subnets, you’re going to need to customize the NBI and add in your approved NetBoot server’s IP addresses.  To do this, prior to clicking next on step 8, make sure you set your desired filter state and then click Customize.

Once inside the Automater tool, you need to scroll down through the list of actions until you find the Bless NetBoot Server action.  Once you find it drag it to the far right, upper panel and drop it prior to the Create Image action.  Click on the + object for the Bless NetBoot Server and add in the IPs of your PXE representatives or your OS X NetBoot Servers as well as the IP of the Core Server.

Using this method, you’ll also need to finalize the name of your NBI file and the location to save it inside of the Create Image action.  When you have everything configured, click the Run button at the top right.  It’ll take it a couple of minutes to write the NBI file.  When it’s finished, go ahead and close both the Automator app as well as the System Image Utility app.


For more information on the SIP restrictions and the NetBoot process, see:

Stamp the Apple NBI File with LANDESK’s Startup Disk Stamper

  1. Launch the LANDESK Startup Disk Stamper. You can find the download link in the Overview section if you have not yet pulled it down from the LANDESK Community.
  2. Click the Choose button in the NBI Source panel and select the Apple NBI file previously generated
  3. Although a bit hidden in the dialog box, you can change the desktop background displayed during the NetBoot process by selecting the Choose button in the Agent Source panel. This step is optional.
  4. Set your destination type.
    1. If you intend to boot your NBI from the network, select the NetBoot Image radio button and push the Choose button to name your LANDESK NBI file and to indicate where you would like to save it.
    2. If you need to build a bootable USB drive, select the Removable Drive option and select the Device from the Finder window.LANDESK Stamper
  5. Set a second unique index. Since LANDESK is generating it’s own NBI file, you’ll want this value to be different from the value selected in step 6 for the System Image Utility NBI creation.
  6. Provide a description if desired and click Create
  7. Enter your admin credentials on the box and wait for the LANDESK NBI to be generated.

Note:  If you see ?? marks in any of the panels, the tool has not been properly configured or a 9.6 SP2 or later LANDESK Mac agent has not been installed.



How to Upgrade OS X Using LANDESK

OS X El Capitan (10.11) has been officially announced.  The beta for developers is available now, the public beta is to follow up shortly in July, with the official release to come in the Fall.  If you’re a Mac admin, that means it’s time to go through another round of updates and OS validation.  Woot, woot!

As admins we all know we have a love, hate relationship with yearly releases.  Personally we love them, it’s great to play with the latest OS and features it has to offer.  We only hate them because we know how much work it is to evaluate all of our apps and infrastructure services to see how badly we’re broken.

Luckily, LANDESK can help in the process to upgrade the OS.

As a LANDESK admin desiring specific beta users to evaluate El Capitan or if you’re just getting around to evaluating Yosemite, the short guide below can help you push out the OS from the centralized LANDESK console to a LANDESK managed Mac.

(Note: I have not yet validated any of the LANDESK OS X agent functionality with El Capitan.  It’s quite probable that a machine upgraded to El Capitan will no longer actively report in to the LANDESK console, so use caution.)

Pushing out an upgrade can be done in 3 steps.

Step 1 – Create the OS X Installer Package

Apple’s .app installer isn’t in the best format to remotely execute the installer contained within the .app file structure.  Luckily for us admins, there is a utility on GitHub that will convert the Apple .app installer to a .pkg more suitable for distribution.  Follow the directions below to download and create your installer package:

  • Go to and download the CreateOSXinstallPkg resource files
  • Download the developer beta of El Capitan or any other OS X installer application provided by Apple
  • From the Terminal app, browse to the folder downloaded from GitHub run the following command :
  • sudo ./createOSXinstallPkg —source /path/to/Install\ OS\ X\ Installer.appCreateOSXInstallPkg
  • Zip the package file created and copy it to your distribution share

Step 2 – Create the LANDESK OS X Upgrade Package

We now need to create a LANDESK package that points to the installer package we just created and copied to the distribution share.  This part is just the standard Mac package you would create for any other type of software distribution task.CreateLDMSUpgradePackage

  • From the LANDESK Console, open Tools > Distribution > Distribution Packages
  • Inside the menu tree, highlight My Packages or Public Packages and then select the New Package button on the menubar and select New Macintosh Package
  • Give the package a name, description and point the primary file to the zip file created previously
  • Fill out the Metadata details if desired
  • Save the package

Step 3 – Deploy the Upgrade Package

Now that we have our package created, we just need to deploy it.  As with any LANDESK package, you can deploy it optionally so that it shows up in the users’ portal or you can make it required.  With this package, just make sure it includes a reboot task.

  • Right click on the OS X upgrade package created and select Create Scheduled Task
  • Target the desired machine(s), user(s) or query(ies)
  • Right click on the task and select properties
  • Set the desired Task type under Task Settings
  • If you desire the end user to be able to initiate the task, set the radio button in the Portal Settings to either Recommended or Optional, otherwise set it to Required and it will automatically begin the upgrade during the next maintenance window
  • Change the Reboot Settings on the task to one that forces a reboot
  • Schedule the task


There you go, in short order your machines will be upgraded for OS X El Capitan, Yosemite or whatever other OS install you chose.

The release name of OS X 10.11 is…

With WWDC just around the corner, we have a competition going on at work as to who can accurately pick the release name for version 10.11 of OS X (pronounced /ˌ ɛs ˈtɛn/;[11] originally Mac OS X  see –

For years and years OS X was named after large cats.  It began in 2001 with 10.0 Cheetah and progressed through with each release.  10.2 was Jaguar, that was the first official version of OS X I personally used day in and day out. Through the years, other cat names followed, Panther, Tiger, Leopard, Snow Leopard, Lion, and Mountain Lion.

Well, Apple ran out of cool cat names and the theme changed in 2013 to California state attractions, the first of which was OS X 10.9 Mavericks.  A year later OS X 10.10 Yosemite followed suit and next week OS X 10.11 will be announced – presumably with a new shiny name.

As a result, the betting is on.  Here are some of the potential names we’ve come up with:

  • Redwood
  • Mammoth
  • California
  • Big Sur
  • Pacific
  • Diablo
  • Miramar
  • Rincon
  • El Cap
  • Redtail
  • Condor
  • Grizzly
  • Farallon
  • Tiburon
  • Monterey
  • Skyline
  • Shasta
  • Sierra
  • Mojave
  • Sequoia
  • Ventura
  • Sonoma

I’ve selected Condor and feel like I have about a 2% chance of getting it correct.  What’s your pick?